3 from django.db.models import F, Q
4 from planetstack.config import Config
5 from observer.openstacksyncstep import OpenStackSyncStep
6 from core.models import User, UserDeployments, SitePrivilege, SiteDeployments
8 class SyncSitePrivileges(OpenStackSyncStep):
10 provides=[SitePrivilege]
12 def fetch_pending(self):
13 return SitePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
15 def sync_record(self, site_priv):
16 if site_priv.user.kuser_id and site_priv.site.tenant_id:
17 self.driver.add_user_role(site_priv.user.kuser_id,
18 site_priv.site.tenant_id,
21 # sync site privileges at all site deployments
22 site_deployments = SiteDeployments.objects.filter(site=site_priv.site)
23 for site_deployment in site_deployments:
24 user_deployments = UserDeployments.objects.filter(deployment=site_deployment.deployment)
26 kuser_id = user_deployments[0].kuser_id
27 driver = self.driver.admin_driver(deployment=site_deployment.deployment.name)
28 driver.add_user_role(kuser_id,
29 site_deployment.tenant_id,